Re: Naming scheme of fis-gtm binary packages (Was: Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm)
- To: debian-med@lists.debian.org, "Shah, Amul" <Amul.Shah@fisglobal.com>
- Subject: Re: Naming scheme of fis-gtm binary packages (Was: Bug#1009900: fis-gtm: Multiple CVEs in fis-gtm)
- From: Andreas Tille <andreas@an3as.eu>
- Date: Tue, 23 Aug 2022 16:21:00 +0200
- Message-id: <[🔎] YwTiTJmRtAZ88tIQ@an3as.eu>
- In-reply-to: <[🔎] YvZJStQcYoTJaIiH@an3as.eu>
- References: <Yqs6jbUUJ9P3pG8V@an3as.eu> <DB9PR08MB655538006C985A7861C79EBFEBAC9@DB9PR08MB6555.eurprd08.prod.outlook.com> <Yqw+/H/WUnFuuP1D@an3as.eu> <DB9PR08MB65554F7B18855E68A817BE71EBAF9@DB9PR08MB6555.eurprd08.prod.outlook.com> <DB9PR08MB6555AC90C65E2AF1148E2E90EB879@DB9PR08MB6555.eurprd08.prod.outlook.com> <Ys0KLTCDd0z1S0n7@an3as.eu> <YuOSldxPtAbqtmvE@an3as.eu> <YuPwWdMrgX8VUoBo@hermes.hilbert.loc> <YuTEt0t8qvg8z8aH@an3as.eu> <[🔎] YvZJStQcYoTJaIiH@an3as.eu>
Hi again,
this is a last warning. If I do not hear any decision I will choose
my own prefered naming scheme and will upload the package.
Kind regards
Andreas.
Am Fri, Aug 12, 2022 at 02:36:26PM +0200 schrieb Andreas Tille:
> Hi again,
>
> Amul, can you please, pretty please get to some decision *right now* and
> than we act accordingly? Leaving CVEs unattended just because there is
> a package name discussion pending is not acceptable. If I do not hear
> from you until Monday I will throw a coin and do what the coin says. We
> can revert the decision of the coin afterwards once there is another
> reason for an upload.
>
> Kind regards
> Andreas.
>
> Am Sat, Jul 30, 2022 at 07:42:15AM +0200 schrieb Andreas Tille:
> > Hi Karsten,
> >
> > I do not mind, to keep the numbering scheme if it makes sense and
> > reflects the truth. It just needs do be done in a timely manner. Long
> > standing open CVEs are not acceptable. The current decision should be
> > drawn quickly and acted accordingly. I hope I made the consequences to
> > keep the current versioning scheme clear and if the price is worth
> > paying than it should be payed. Just doing nothing is wrong in the
> > current situation.
> >
> > Kind regards
> > Andreas.
> >
> > Am Fri, Jul 29, 2022 at 04:36:09PM +0200 schrieb Karsten Hilbert:
> > > Am Fri, Jul 29, 2022 at 09:56:05AM +0200 schrieb Andreas (Debian):
> > >
> > > > I wonder if there is some decision about the naming scheme. I *really*
> > > > want to get the CVE bugs fixed. Users might consider Debian packages
> > > > useless otherwise.
> > >
> > > As far as I remember the "Mumps community" considers each and
> > > every release "potentially incompatible".
> > >
> > > This may or may not be true, and it may or may not be wise,
> > > regardless of truth.
> > >
> > > I would think that there should be an external repository
> > > being run by, say, fis.gtm, which carries "each and every"
> > > minor release as an installable package. This is similar to
> > > what PostgreSQL offers. Additionally, in order to lower the
> > > barrier for entry, there should be official, in-Debian,
> > > "stable" packages, say v6, v7, ... which carry the currently
> > > latest patch release per major version. Creating those ought
> > > to be pretty easy, once the vendor repo is available.
> > >
> > > Karsten
> > > --
> > > GPG 40BE 5B0E C98E 1713 AFA6 5BC0 3BEA AC80 7D4F C89B
> > >
> > >
> >
> > --
> > http://fam-tille.de
> >
> >
>
> --
> http://fam-tille.de
>
>
--
http://fam-tille.de
Reply to: